[renovate] configured minimumReleaseAge #1912
Conversation
…fore updating to them Signed-off-by: Roland Asmann <roland.asmann@gmail.com>
|
Could also use the preset https://docs.renovatebot.com/presets-npm/#npmunpublishsafe |
|
Ah, did not see that before. Personally it would confuse me a bit though, as it would also work that way on other tools, right? I feel the preset name might be a little misleading (not to say biased 😉). |
| @@ -1,5 +1,6 @@ | |||
| { | |||
| "$schema": "https://docs.renovatebot.com/renovate-schema.json", | |||
| "enabledManagers": ["github-actions", "jsonata", "npm", "nvm"], | |||
There was a problem hiding this comment.
Don't know, that was already in there. The line is shown as a diff, since I moved it up -- I like alphabetical ordering if at all possible 😁
@setchy Is there a reason you put it in there?
There was a problem hiding this comment.
Correct, jsonata manager is used to keep the biome.json config updated. You can see what each manager has detected in the Detected dependencies tree at the bottom of #1887
|
Preset or manual, both are ok with me. |
|
It looks like a bug was fixed in setup-sbt after our pins? |
|
If I read the initial on-boarding issue correctly, that is because we only allow Renovate to create new branches on Monday between 0:00 and 3:59. However, I still don't see a new branch for it even now, so... Maybe @setchy can help figure this out? Also, @setchy, where do these actions run? In our (cdgen) repo or somewhere remote? I couldn't find a workflow in our repo, so I am a little confused about this. I would like to be able to check the runs now and again to see if everything is alright. 😉 |
|
The Mend Dashboard is where you'll want to see the logs and dashboard - https://developer.mend.io/github/CycloneDX/cdxgen It's linked at the top of the pinned Dependency Dashboard issue #1887 |
|
The schedule is set as |
Found it! Hadn't had my morning coffee yet (I know it's past noon, don't judge! 😜). And to @prabhu's point, I don't see an update for the setup-sbt action on the dashboard, do you have any idea as to why this is? |
From a little investigation, it appears the hash for the new version is the exact same one we have pinned. I guess we activated the pinning after they released it? The hash for simple 'v1' is also the same, so I guess they updated that tag and we indeed pinned shortly after that... |
@malice00 - Good questions... The Renovate GitHub App will run far more regularly, based on its internal schedules and when it detects updates to external packages that are leveraged by a renovate-enabled repository. So as you noted, the job runs will be quite frequent. The You can always manually create ad-hoc PRs from the Dependency Dashboard, either via the GitHub issue (pinned) or from the Mend Dashboard. Similarly, you can always manually trigger the Renovate job to run by using the checkbox at the bottom of the Dependency Dashboard. |
Configured renovate to wait for packages to be at least 3 days old before updating to them, so we don't have bleeding edge updates and also possibly fall into the 72 hours unpublish period of the NPM-registry.